Can I Sleep Safely in My Smarthome? A Novel Framework on Automating Dynamic Risk Assessment in IoT Environments
:1. Introduction
- RQ1.
- Can a generic ontology be developed to capture complex relationships between heterogeneous IoT properties to encapsulate vulnerabilities, attack attribution, impact evaluation, and mitigation strategies?
- RQ2.
- Can a unique risk scoring be developed to eliminate environment context dependency? How does the initial setting of the expert values for the RA offer a valid approach, and are these values generally applicable in a standard installation?
- RQ3.
- What are the limitations on the automated decision making for RA in dynamic environments, such as smarthomes, where deployed IoT devices constantly evolve (get replaced, updated and moved)?
- Development of a generic ontology for the representation of the IoT objects to encapsulate vulnerabilities, attack attribution, impact evaluation, and mitigation strategies in a smarthome environment.
- Presentation of the DRAF, encapsulating a risk scoring methodology based on the expert opinion settings. This framework was validated in real-life testbeds deployed in three European countries and demonstrates the potential of automated RA.
- Investigation into the limitations of the automated decision making for RA in a smarthome environment and their potential adaptation for similar dynamic environments, such as autonomous driving.
2. Related Work
2.1. Background
- Risk Identification
- What can go wrong?
- Risk Modelling, Quantification and Measurement
- Assessing likelihood;
- Modelling relationships between risks and impacts.
- Risk Evaluation
- Trade-offs in terms of costs, benefits and risks;
- Multi objective analysis.
- Risk Acceptance and Avoidance
- Decision making through level of risk acceptability;
- How safe is safe enough?
- Risk Management
- Execution or actual implementation of decision making.
Traditional Approaches
- Acceptance: acknowledgement of the possibility of the risk to occur in a specific setup, and taking the responsibility of dealing with the caused consequences;
- Mitigation: taking actions to limit the exposure of the risk and its consequences by controlling and limiting its occurrence;
- Transfer: delegation or propagation of the risk occurrence to a third party capable of taking responsibility and liability of the risk’s consequences; and
- Avoidance: ignorance of the risk occurrence likelihood and assumption of risk non-existence, as evidence of its occurring is too low or the associated cost of mitigation and transfer is too high.
- Assets: any items of value (infrastructure or reputation);
- Vulnerabilities: how to exploit assets;
- Threats: action to exploit vulnerability (deliberate or accidental);
- Attack likelihood: probability of threat; and
- Impact: estimation of the attack consequence.
- Human system integration: visual representation of the system;
- Interoperability identification: considerations towards dependencies; and
- Emergent behaviour evaluation: coupling systems for a new purpose.
2.2. Dynamic Risk Assessment
2.3. Attack Classification
2.4. Threat Modelling and Ontologies
3. Materials and Methods
3.1. Attack and Risk Mapping
3.1.1. IoT Stack
3.2. Risk Definition
- Manufacturer related, such as human factors, industrial process influence, operations, specifications, and protocols utilised, manufacturing costs, prioritisation of the customer requests, time constraints and legal compliance and obligations;
- Software related, such as the capability to perform and frequency of the updates, potential access to various kinds of data (personal and non-personal), vulnerability exposure, the inclusion of security and privacy threat modelling in the design process and source code openness for independent auditing;
- Hardware related, such as connectivity capabilities (direct Internet access or proxy mediator), the localisation of the object, the power and performance constraints and the actual materials used for object fabrication; and
- User related, such as behaviour patterns, general cyber awareness and human risk perception.
3.3. Risk Model
3.3.1. Risk Calculation
- Software: v23.6.4;
- Data: username; risk weight: 0.3; and
- Hardware: BLE; risk weight: 0.4.
- Software: PROM24js;
- Data: age; risk weight: 0.7;
- Data: address: risk weight: 0.6;
- Hardware: WiFi; risk weight: 0.7; and
- Hardware: BLE; risk weight: 0.4.
3.3.2. Methodology on Risk Mapping Derivation
3.3.3. Expert Values for Receptor Weights
4. Implementation
4.1. Architecture and Workflow
4.2. Input Processor
4.2.1. Launcher
4.2.2. Reporting Strategies
- Severity: the degree the impact of the detected anomaly can have on the device or home environment;
- Priority: the importance of having the anomaly resolved or investigated. This attribute relates mostly to the end-user point of view of how an anomaly may affect them (e.g., private data leakage vs. a non-functional smart lamp);
- Reliability: the confidence factor from the anomaly reporting module;
- Attack attribution: a reporting module can indicate a potential attack classification for a detected anomaly;
- Attack probability: the confidence of the reporting module on the attack’s class attribution;
- Source/Destination: depending on the reporting module field of view within the network, these two fields contain the corresponding source and destination identifiers. These identifiers are provided in several granular levels, namely at the smarthome level, indicating there is something wrong in the network, at the interface of a device (e.g., gateway endpoint with device ID or interface channel) or generic subnetwork type (e.g., Zigbee, Bluetooth, Z-wave), or precisely to the device by providing its Internet Protocol address (IP) or Media Access Control address (MAC);
- Target recipient: similar to source/destination, looking at the communication channel can precisely narrow down the scope of the anomaly. Depending on the type of analysed communication protocol, this can be indicated as broadcast, unicast or multicast destination points; and
- Reasoning: a descriptive field in which the reporting module may provide additional information through the means of a fixed set of acceptable values.
- What information needs to be transmitted? A reporting module can encompass a broad range of monitoring functionalities that can describe a variety of anomalies or focus on very specific issues. Thus, the information that reporting modules can provide can vary strongly and distinctly from one another.
- When and in what form? Many factors influence when a report will be generated, due to the intended functions of the module, the observed parameters, its operating context (on edge device, on the gateway or even external as a service in the Internet). The DRAF has to handle asynchronously the incoming reports from multiple reporting modules, which report in an irregular (sparse) manner.
- Why and how? As functions differ, their intent for providing a report can be misleading. For example a module monitoring the absence of data reporting, e.g., a life beat packet from a smart smoke detector, may indicate that the battery has been depleted or the device is malfunctioning. On the other hand, a bed sensor may also report absence of data due to the person not being at home, while both stating the same report for absence of data.
- Aggregated Prioritisation (AG): As the name implies, the primary attribute is priority. The anomaly reports incorporate intelligence on the aggregation of anomalies output based on the priority of the individual elements and provide their final outcome as the conclusion of the aggregation process (e.g., threshold, time window, batch size) with a priority score.
- Behaviour Deviation (BD): Leaning towards the severity and reliability as primary attributes, there are anomaly reports that report device and non-device behaviour deviations and higher level (application layer) events caused by a smarthome habitants.
- Attack Attribution (AA): Represented by anomaly reports that provide attack attribution data, either in the report as a dynamically filled attack identifier or as a fixed identifier defined by the scope of a specific attack detection use case.
4.2.3. Scheduler
- Job creator: for each packet an encapsulated job is launched, enabling the control and monitoring of the analysis of the packet;
- Parameter application: an internal interface to get and set DRAF parameters (e.g., number of threads, sleep time settings, priorities);
- Selection of the checker for the performance control and monitoring. For example, Block Rules (BR) are always verified, but Behaviour Analyser (BA) or Payload Check (PC) verification depends on the metrics that influence the choice of not running a checker; and
- Tracker: responsible for the main pipeline monitor. It creates estimations of how long jobs take to complete based on the historical effort log. For example, a huge number of profiles per device can influence the time it takes to process a packet from a specific device. Additionally, the type of the data might affect the effort for the PC.
4.3. Risk Analysers
4.3.1. Behaviour Analyser
- A comparison to the historical observations between the last identified pointers and accepted pointers;
- A comparison to the forecasted behaviour for the predicted pointers;
- Query matching thresholds with weights per identified property (e.g., 5 out of 10 properties matched);
- Per matched property evaluation of the threshold margins of the comparison per node (e.g., flow size property matched 80%); and
- Analysis of the system and user set configuration and preferences, forming exception or inclusion rules for properties, e.g., ‘ignore flow size’.
4.3.2. Payload Check
- RegEx matching: a set of regular expressions to detect private data;
- Secure Socket Layer (SSL) check: verify the SSL certificate and see if proper SSL packet is observed; and
- Suspicious payload confidence level.
4.3.3. Block Rules
- Public Blacklist: based on the data retrieved from the official external threat intelligence by means of the scoring system;
- Private Whitelist: as the name indicates, it enables the public blacklist to be bypassed by adding the destination point to the whitelist; and
- Private Blacklist: a personalised blacklist of selected addresses.
- Prioritisation: check the local whitelist, private blacklist and then copy of the public blacklist;
- Data refresh: if not blacklisted, then check with the external repository. If there is a reply time out, assume that IP is not present in the central intelligence repository (as the local copy of the public blacklist was synchronised earlier); and
- Score comparison: if the address is not blacklisted, check the score through the external resilience infrastructure. If the reply times out, assume that IP is safe. Otherwise, perform the reputation scoring routine [33].
4.3.4. Alert Processor
4.4. Risk Level Estimator
4.4.1. Immediate Risk Level
4.4.2. Current Risk Level
4.4.3. Weight Adjustments
AG Weight Adjustment
Listing 1. AG alert format extract. |
message AGReport { repeated AttackAlert attack_alert; } message AttackAlert { required AttackClass alert_class; required string alert_description; required Priority alert_priority; repeated FlowAlert flow_alert; } message FlowAlert { required string src_ip; required string dst_ip; required uint32 src_port; required uint32 dst_port; required uint32 alert_count; } |
- Prioritisation: alert_priority is given higher impact, and the sum of alert_count is given lower impact;
- Normalisation: a higher priority with a higher count should be more crucial to report, yet a higher priority with a low count is more valuable than low priority with a high count;
- Score adaptation:
- The final score adaptation strategy is calculated based on two variables:
- stepSize: ;
- maxNumberOfSteps: number of possible priorities scores, equal to 4 for the AG type of report;
- During the risk evaluation phase, the Artefact’s weight is adjusted according to this score, taking into consideration the observation of other ongoing anomalies.
BD Weight Adjustment
Listing 2. BD alert format extract. |
message AnomalyDetection { required uint32 severity_score; required uint32 reliability_score required DeviceInfo device; required string timestamp; required string reason; } |
- Prioritisation: severity_score is given higher impact, while reliability_score is given lower impact;
- Normalisation: higher severity with higher reliability should be more urgent to report, yet higher reliability with lower reliability is more valuable than low severity with high reliability;
- Score adaptation:
- The final score adaptation strategy is calculated based on two variables:
- stepSize: ;
- maxNumberOfSteps: number of possible priority scores, equal to 10 for the BD type of report;
- During the risk evaluation phase, an Artefact’s weight is adjusted according to this score, taking into consideration the observation of other ongoing anomalies.
AA Weight Adjustment
Listing 3. AA alert format extract. |
message CybersecurityStatus { required InterfaceType if_type; required InterfaceId if_id; required int32 id_slot; required float attack_proba; required double start_time; required double end_time; repeated AttackClassification attack_classification; } message AttackClassification { required AttackAttribution attack_class; required float probability; optional DeviceId device_id; } |
- Prioritisation: overall attack_proba is given higher impact, than individual probabilities for each classified attack;
- Normalisation: the bigger the difference between two variables, the less impact will be propagated to the RA;
- Score adaptation:
- The final score adaptation strategy is calculated based on two variables:
- stepSize: ;
- maxNumberOfSteps: number of possible priority scores, considering the threshold;
- During the risk evaluation phase, the Artefact’s weight is adjusted according to this score, taking into consideration the observation of other ongoing anomalies.
4.5. Decision Handler
4.5.1. Automated Decision Making
- SCI corresponds to Special Case Intervention, where no automation is possible at all; only Mitigation Advisory is provided;
- AA corresponds to Automated Action, where a decision was made in accordance with user’s desirable risk level settings;
- SI corresponds to Security Intervention, where a decision should be made by the user with a recommendation.
Algorithm 1: Decision Handler. |
4.5.2. Rendering Mediator
- The attribution level, e.g., device, interface, gateway;
- The last triggered Receptor, which enabled acceptable risk threshold over-passing;
- The associated risk, controlled by the attack vector scope;
- The identifier for the translation key; and
- The mitigation advisory.
4.5.3. Feedback Refinement
5. Results
5.1. Experimental Validation
- Measure the performance overhead of DRAF on the gateway;
- Validate the workflow capability to detect ongoing risks and apply an appropriate mitigation strategy in a real smarthome environment; and
- Validate the expert values’ correctness and their independence from the user profile settings, such as acceptable risk levels, automation optimisation and IoT devices’ profiles.
5.1.1. Deployment Setup
- Smarthome gateway (e.g., Raspberry Pi 3 single-board computer, CareLife smart IoT gateway (, accessed on 27 February 2022));
- Zigbee sensors (e.g., presence detector, door aperture detector);
- Bluetooth enabled medical devices (weight scale, blood pressure meter);
- Z-wave sensors (e.g., motion, door and window opening, smoke and flood sensors); and
- Z-wave devices (e.g., smart plug, smart dimmer).
5.1.2. Ethical Constraints
5.1.3. Workflow Validation in the Testbed Environments
5.1.4. Alert Fusion and Receptors Verification
- Attack 1: The battery of the living room sensor was removed;
- Attack 2: A total of 10 consecutive wrong blood pressure measurements were made;
- Attack 3: The emergency button was activated 20 times in a row;
- Attack 4: The door opening sensor of the entrance was uninstalled, and several detection triggers were forced;
- Attack 5: The battery of the door opening sensor of the entrance was removed;
- Attack 6: The bedroom sensor was moved to a nearer position; and
- Attack 7: A connection from an unknown device to the WiFi network.
5.1.5. Risk Coverage Analysis
6. Discussion
6.1. RQ1: Generic Ontology
6.2. RQ2: Risk Calculation and Context Dependency
6.3. RQ3: Limitations on Dynamic Risk Assessment
6.4. Challenges and Limitations
7. Conclusions and Future Work
Author Contributions
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
AA | Attack Attribution |
AcP | Active Profile |
AG | Aggregated Prioritisation |
AP | Alert Processor |
API | Application Programming Interface |
BA | Behaviour Analyser |
BD | Behaviour Deviation |
BR | Block Rules |
CC | Contextual Checker |
CPU | Central Processing Unit |
CRL | Current Risk Level |
CTI | Cyber Threat Intelligence |
DH | Decision Handler |
DNS | Domain Name System |
DRAF | Dynamic Risk Assessment Framework |
GC | Garbage Collector |
HHM | Hierarchical Holographic Modelling |
ICT | Information Communication Technology |
IoT | Internet of Things |
IP | Internet Protocol address |
IRL | Immediate Risk Level |
JVM | Java virtual machine |
MA | Mitigation Advisor |
MAC | Media Access Control address |
ORM | Object Role Modelling |
OS | Operating System |
PB | Profile Building |
PC | Payload Check |
PD | Personal Data |
PH | Profile Handler |
RA | Risk Assessment |
RLE | Risk Level Estimator |
RS | Reporting Strategy |
SSL | Secure Socket Layer |
SWRL | Semantic Web Rule Language |
- Bansal, M.; Chana, I.; Clarke, S. A Survey on IoT Big Data. ACM Comput. Surv. 2021, 53, 1–59. [Google Scholar] [CrossRef]
- Ali, W.; Dustgeer, G.; Awais, M.; Shah, M.A. IoT based smart home: Security challenges, security requirements and solutions. In Proceedings of the 2017 23rd International Conference on Automation and Computing (ICAC), Huddersfield, UK, 7–8 September 2017; pp. 1–6. [Google Scholar] [CrossRef]
- Jacobsson, A.; Boldt, M.; Carlsson, B. A risk analysis of a smart home automation system. Future Gener. Comput. Syst. 2016, 56, 719–733. [Google Scholar] [CrossRef] [Green Version]
- Park, M.; Oh, H.; Lee, K. Security risk measurement for information leakage in IoT-based smart homes from a situational awareness perspective. Sensors 2019, 19, 2148. [Google Scholar] [CrossRef] [PubMed] [Green Version]
- Rahmati, A.; Fernandes, E.; Eykholt, K.; Prakash, A. Tyche: Risk-Based Permissions for Smart Home Platforms. arXiv 2018, arXiv:1801.04609. [Google Scholar]
- Nurse, J.R.; Radanliev, P.; Creese, S.; De Roure, D. If you can’t understand it, you can’t properly assess it! The reality of assessing security risks in internet of things systems. IET Conf. Publ. 2018, 2018, 1–9. [Google Scholar] [CrossRef] [Green Version]
- Ali, B.; Awad, A.I. Cyber and physical security vulnerability assessment for IoT-based smart homes. Sensors 2018, 18, 817. [Google Scholar] [CrossRef] [Green Version]
- Gonzalez-Granadillo, G.; Dubus, S.; Motzek, A.; Garcia-Alfaro, J.; Alvarez, E.; Merialdo, M.; Papillon, S.; Debar, H. Dynamic risk management response system to handle cyber threats. Future Gener. Comput. Syst. 2018, 83, 535–552. [Google Scholar] [CrossRef]
- Wheeler, E. Security Risk Management; Elsevier: Berlin/Heidelberg, Germany, 2011. [Google Scholar] [CrossRef]
- Caralli, R.; Stevens, J.; Young, L.; Wilson, W. Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process; Technical Report CMU/SEI-2007-TR-012; Software Engineering Institute, Carnegie Mellon University: Pittsburgh, PA, USA, 2007. [Google Scholar]
- Ruan, K. Introducing cybernomics: A unifying economic framework for measuring cyber risk. Comput. Secur. 2017, 65, 77–89. [Google Scholar] [CrossRef]
- Colella, A. Cyber Security and Ubiquity: An Human-Centric Approach. 2017. Available online: (accessed on 27 February 2022).
- Rao, A.; Carreon, N.; Lysecky, R.; Rozenblit, J. Probabilistic Threat Detection for Risk Management in Cyber-physical Medical Systems. IEEE Softw. 2018, 35, 38–43. [Google Scholar] [CrossRef]
- Nurse, J.R.; Creese, S.; De Roure, D. Security Risk Assessment in Internet of Things Systems. IT Prof. 2017, 19, 20–26. [Google Scholar] [CrossRef]
- Atlam, H.F.; Walters, R.J.; Wills, G.B.; Daniel, J. Fuzzy Logic with Expert Judgment to Implement an Adaptive Risk-Based Access Control Model for IoT. Mob. Netw. Appl. 2019, 26, 2545–2557. [Google Scholar] [CrossRef] [Green Version]
- Alali, M.; Almogren, A.; Hassan, M.M.; Rassan, I.A.; Bhuiyan, M.Z.A. Improving risk assessment model of cyber security using fuzzy logic inference system. Comput. Secur. 2018, 74, 323–339. [Google Scholar] [CrossRef]
- Jakobson, G. Mission cyber security situation assessment using impact dependency graphs. In Proceedings of the Fusion 2011—14th International Conference on Information Fusion, Chicago, IL, USA, 5–8 July2011; pp. 1–8. [Google Scholar]
- Adat, V.; Gupta, B.B. Security in Internet of Things: Issues, challenges, taxonomy, and architecture. Telecommun. Syst. 2018, 67, 423–441. [Google Scholar] [CrossRef]
- Chen, K.; Zhang, S.; Li, Z.; Zhang, Y.; Deng, Q.; Ray, S.; Jin, Y. Internet-of-Things Security and Vulnerabilities: Taxonomy, Challenges, and Practice. J. Hardw. Syst. Secur. 2018, 2, 97–110. [Google Scholar] [CrossRef]
- Khan, M.A.; Salah, K. IoT security: Review, blockchain solutions, and open challenges. Future Gener. Comput. Syst. 2018, 82, 395–411. [Google Scholar] [CrossRef]
- Hossain, M.M.; Fotouhi, M.; Hasan, R. Towards an Analysis of Security Issues, Challenges, and Open Problems in the Internet of Things. In Proceedings of the 2015 IEEE World Congress on Services, SERVICES 2015, New York, NY, USA, 27 June–2 July 2015; pp. 21–28. [Google Scholar] [CrossRef]
- Cvitić, I.; Vujić, M.; Husnjak, S. Classification of security risks in the iot environment. In Proceedings of the 26th DAAAM International Symposium; DAAAM International: Vienna, Austria, 2016; pp. 731–740. [Google Scholar] [CrossRef]
- Aufner, P. The IoT security gap: A look down into the valley between threat models and their implementation. Int. J. Inf. Secur. 2020, 19, 3–14. [Google Scholar] [CrossRef] [Green Version]
- Doynikova, E.; Fedorchenko, A.; Kotenko, I. Ontology of metrics for cyber security assessment. In Proceedings of the 14th International Conference on Availability, Reliability and Security, Canterbury, UK, 26–29 August 2019. [Google Scholar] [CrossRef]
- Huang, X.; Yi, J.; Zhu, X.; Chen, S. A semantic approach with decision support for safety service in smart home management. Sensors 2016, 16, 1224. [Google Scholar] [CrossRef] [Green Version]
- Heartfield, R.; Loukas, G.; Budimir, S.; Bezemskij, A.; Fontaine, J.R.; Filippoupolitis, A.; Roesch, E. A taxonomy of cyber-physical threats and impact in the smart home. Comput. Secur. 2018, 78, 398–428. [Google Scholar] [CrossRef] [Green Version]
- Augusto-Gonzalez, J.; Collen, A.; Evangelatos, S.; Anagnostopoulos, M.; Spathoulas, G.; Giannoutakis, K.M.; Votis, K.; Tzovaras, D.; Genge, B.; Gelenbe, E.; et al. From Internet of Threats to Internet of Things: A Cyber Security Architecture for Smart Homes. In Proceedings of the 2019 IEEE 24th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD), Limassol, Cyprus, 11–13 September 2019; pp. 1–6. [Google Scholar] [CrossRef]
- Collen, A.; Nijdam, N.A.; Augusto-Gonzalez, J.; Katsikas, S.K.; Giannoutakis, K.M.; Spathoulas, G.; Gelenbe, E.; Votis, K.; Tzovaras, D.; Ghavami, N.; et al. GHOST—Safe-Guarding Home IoT Environments with Personalised Real-Time Risk Control. In Proceedings of the Security in Computer and Information Sciences, Euro-CYBERSEC 2018, Communications in Computer and Information Science, London, UK, 26–27 February 2018; Volume 821, pp. 68–78. [Google Scholar] [CrossRef] [Green Version]
- Haimes, Y.Y. Hierarchical Holographic Modeling. IEEE Trans. Syst. Man Cybern. 1981, 11, 606–617. [Google Scholar] [CrossRef]
- Meisel, M.; Pappas, V.; Zhang, L. A taxonomy of biologically inspired research in computer networking. Comput. Netw. 2010, 54, 901–916. [Google Scholar] [CrossRef] [Green Version]
- Alaparthy, V.T.; Morgera, S.D. A Multi-Level Intrusion Detection System for Wireless Sensor Networks Based on Immune Theory. IEEE Access 2018, 6, 47364–47373. [Google Scholar] [CrossRef]
- Pandey, P.; Collen, A.; Nijdam, N.; Anagnostopoulos, M.; Katsikas, S.; Konstantas, D. Towards automated threat-based risk assessment for cyber security in smarthomes. In Proceedings of the European Conference on Information Warfare and Security, ECCWS, Coimbra, Portugal, 4–5 July 2019; pp. 839–844. [Google Scholar]
- Spathoulas, G.; Collen, A.; Pandey, P.; Nijdam, N.A.; Katsikas, S.; Kouzinopoulos, C.S.; Moussa, M.B.; Giannoutakis, K.M.; Votis, K.; Tzovaras, D. Towards Reliable Integrity in Blacklisting: Facing Malicious IPs in GHOST Smart Contracts. In Proceedings of the 2018 IEEE (SMC) International Conference on Innovations in Intelligent Systems and Applications, INISTA 2018, Thessaloniki, Greece, 3–5 July 2018; pp. 1–8. [Google Scholar] [CrossRef]
- Anagnostopoulos, M.; Spathoulas, G.; Viaño, B.; Augusto-Gonzalez, J. Tracing Your Smart-Home Devices Conversations: A Real World IoT Traffic Data-Set. Sensors 2020, 20, 6600. [Google Scholar] [CrossRef] [PubMed]
Risk Name | Risk Shortname | Attack Association |
Physical Damage | PD | Physical Damage |
Trigger Fake Events | TFE | Malicious Device Injection |
Flood Network with Fake Events | FNFE | Mechanical Exhausting |
Absence of Service | AS | DoS Participation |
Sniff Traffic | ST | Device impersonation |
Battery Exhausting | BE | Battery Attack |
Unauthorised Control | UC | Malware |
Leaking Data | LD | Sensitive Data |
Gateway Abnormality | CA | Gateway Misbehaviour |
Malicious Destination | MD | Malicious Destination |
Artefact Name | Risk Shortname | Expert Value for Weight |
ST | 0.4 | |
LD | 0.4 | |
LD | 0.2 | |
FNFE | 0.2 | |
AS | 0.8 | |
FNFE | 0.2 | |
ST | 0.4 | |
AS | 0.2 | |
PD | 0.2 | |
ST | 0.4 | |
UC | 0.4 | |
LD | 0.2 |
Strategy | Priority | Severity | Reliability | Attribution | Probability | Src/Dst | Recipient | Reasoning |
AG | ✓ | ✓ | ✓ | ✓ | ||||
BD | ✓ | ✓ | ✓ | ✓ | ✓ | |||
AA | ✓ | ✓ | ✓ |
ID | Technical Action | Triggered Risk | Final Receptor |
1 | Verify physical integrity | Physical Damage | BEHAVIOUR DEVIATION |
2 | Verify battery | Physical Damage | FREQUENCY ANOMALY |
3 | Verify battery | Battery Exhausting | BATTERY ATTACK |
4 | Verify battery | Battery Exhausting | BATTERY SILENT |
5 | Block device temporarily | Flood Network with Fake Events | NEW EXTERNAL IP ADDRESS |
6 | Block device permanently | Unauthorised Control | UNREGISTERED DEVICE |
7 | Drop packets for flow temporarily | Sniff Traffic | NETWORK SCAN |
8 | Drop packets for flow permanently | Sniff Traffic | NEW EXTERNAL IP ADDRESS |
9 | Drop packets for source temporarily | Leaking Data | STRING DETECT |
10 | Drop packets for source permanently | Leaking data | TROJAN ACTIVITY |
ID | Type | Automated Decision | Alternatives | User Action | Mitigation Advisory | Attribution Level | Triggered Risk |
1 | AA | Block | Keep blocking, Allow | n/a | n/a | Device | Leaking Data |
2 | SI | Block | Keep blocking, Allow | n/a | Block | Device | Leaking Data |
3 | AA | Keep blocking | Keep blocking, Allow | n/a | n/a | Interface | Malicious Destination |
4 | SI | Keep blocking | Keep blocking, Allow | n/a | Manufacturer | Interface | Malicious Destination |
5 | SI | Block | Keep allowing, Block | Allow | Block | Device | Leaking Data |
6 | SCI | n/a | Removed, Checked, Manufacturer | Removed | n/a | Device | Absence of Service |
Objective | Relevance | Setup | Method |
Performance overhead | RQ3 (Section 5.1.1) | Real-life trials | Run-rime monitoring |
Workflow validation | RQ1 (Section 5.1.3) | Testbed | Real attack execution |
Expert values | RQ2 (Section 5.1.4) | Testbed | Replay of real attack execution |
Risk coverage | RQ1 (Section 5.1.5) | Real-life trials | Statistical analysis |
Reporting Strategies | Trial I | Trial II | Trial III |
AG | ✓ | ✓ | ✓ |
AA | ✓ | ✓ | |
BD | ✓ |
Parameter | Minimum | Average | Maximum |
CPU | 3.2% | 3.49% | 3.9% |
Memory | 56.96 MB | 61.22 MB | 63.32 MB |
Analyser | Attack | Risk | Automated D/MA |
BA | Physical Damage | Physical Damage | ✓/ ✓ |
PC | Sensitive Data | Leaking Data | ✓/ ✓ |
BR | Malicious Device Injection | Trigger Fake Events | ✓/ ✓ |
AP (AA) | Sensitive Data | Leaking Data | ✓/ ✓ |
AP (AA) | Battery Attack | Battery Exhausting | ✓/ ✓ |
AP (AA) | Malware | Unauthorised Control | ✓/ ✓ |
AP (BD) | Gateway Misbehaviour | Gateway abnormality | ✓/ ✗ |
AP (BD) | DoS Participation | Absence of Service | ✓/ ✗ |
AP (AG) | Malware | Unauthorised Control | ✓/ ✓ |
AP (AG) | DoS Participation | Absence of Service | ✓/ ✓ |
AP (AG) | Sensitive Data | Leaking Data | ✓/ ✓ |
Nr | Analyser/Observed Artefacts | Expert Weight (Adjusted) | Triggered Risk | Time | D/MA |
1 | AP: BEHAVIOUR_DEVIATION | AC 0.3 (0.26) PD 0.8 (0.68) | Physical Damage | 157 ms | ✓/✓ |
BA: BEHAVIOUR_ANOMALY | UC 0.8 PD 0.2 TFE 0.2 | ||||
2 | No reports | n/a | n/a | n/a | n/a |
3 | AP: BEHAVIOUR_DEVIATION | AC 0.3 (0.24) PD 0.8 (0.64) | Physical Damage | 56 ms | ✓/✓ |
BA: BEHAVIOUR_ANOMALY | UC 0.8 PD 0.2 TFE 0.2 | ||||
AP: UNKNOWN_TRAFFIC | UC 0.2 (0.12) PD 0.2 (0.12) FNFE 0.2 (0.12) | ||||
4 | No reports | n/a | n/a | n/a | n/a |
5 | AP: BEHAVIOUR_DEVIATION | AC 0.3 (0.26) PD 0.8 (0.72) | Physical Damage | 123 ms | ✓/✓ |
BA: BEHAVIOUR_ANOMALY | UC 0.8 PD 0.2 TFE 0.2 | ||||
6 | No reports | n/a | n/a | n/a | n/a |
7 | BR: NEW_EXTERNAL_IP_ADDRESS | TFE 0.4 ST 0.4 UC 0.4 PD 0.2 | Sniff Traffic | 295 ms | ✓/✓ |
AP: TCP_CONNECTION | ST 0.2 (0.18) LD 0.1 |
Risk Name | Artefacts Total | Reporting Strategies | ||
AA | AG | BD | ||
Physical Damage | 33 | 2 | 2 | 29 |
Trigger Fake Events | 13 | 2 | 10 | 1 |
Flood Network with Fake Events | 5 | 1 | 4 | 0 |
Absence of Service | 123 | 21 | 3 | 99 |
Sniff Traffic | 10 | 3 | 6 | 1 |
Battery Exhausting | 3 | 2 | 0 | 1 |
Unauthorised Control | 38 | 3 | 33 | 2 |
Leaking Data | 25 | 3 | 22 | 0 |
Gateway abnormality | 104 | 0 | 0 | 104 |
Malicious Destination | 1 | 1 | 0 | 0 |
Behaviour Deviation | 1 | 1 | 0 | 0 |
Overall | 356 | 39 | 80 | 237 |
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. |
© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (
Share and Cite
Collen, A.; Nijdam, N.A. Can I Sleep Safely in My Smarthome? A Novel Framework on Automating Dynamic Risk Assessment in IoT Environments. Electronics 2022, 11, 1123.
Collen A, Nijdam NA. Can I Sleep Safely in My Smarthome? A Novel Framework on Automating Dynamic Risk Assessment in IoT Environments. Electronics. 2022; 11(7):1123.
Chicago/Turabian StyleCollen, Anastasija, and Niels Alexander Nijdam. 2022. "Can I Sleep Safely in My Smarthome? A Novel Framework on Automating Dynamic Risk Assessment in IoT Environments" Electronics 11, no. 7: 1123.
APA StyleCollen, A., & Nijdam, N. A. (2022). Can I Sleep Safely in My Smarthome? A Novel Framework on Automating Dynamic Risk Assessment in IoT Environments. Electronics, 11(7), 1123.